Multitech RouteFinder RF850, RouteFinder RF860 User Manual

RouteFinder

Internet Security Appliance

RF850

RF860

User Guide

RouteFinder RF850/860 Document Number: S000400E, Revision E

This publication may not be reproduced, in whole or in part, without prior expressed written permission from Multi-Tech Systems, Inc. All rights reserv ed.

Copyright © 2006-2008 by Multi-Tech Systems, Inc. Multi-Tech Systems, Inc. makes no representations or warranties with respect to the contents hereof and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose. Furthermore, Multi-Tech Systems, Inc. reserves the right to revise this publication and to make changes from time to time in the content hereof without obligation of Multi-Tech Systems, Inc. to notify any person or organization of such revisions or changes.

Record of Revisions

Revision

A 04/17/06 Initial release. Software version 3.30. 05/24/06 Corrections made on 5/24: Changed all references to the content filtering

B 06/01/06 Added explanation of Load Balancing on the Network Setup screen. C 04/05/07 Updated for Software 3.32. Changed examples 1 and 2. Added Table of

D 09/05/07 Added "Description of Syslog Messages" to Appendix A – Disposition of

E 04/14/08 Changes for software version 3.34. Added a drawing of the RouteFinder with

Patents

This device is covered by one or more of the following U.S. Patent Numbers: 6,219,708; 5,301,274; 5,309,562; 5,355,365; 5,355,653; 5,452,289; 5,453.986. The modem is covered by one or more of the following U.S. Patent Numbers: 6,031,867; 6,012,113; 6,009,082; 5,905,794; 5,864,560; 5,815,567; 5,815,503; 5,812,534; 5,809,068; 5,790,532; 5,764,628; 5,764,627; 5,754,589; D394,250; 5,724,356; 5,673,268; 5,673,257; 5,644,594; 5,628,030; 5,619,508; 5,617,423; 5,600,649; 5,592,586; 5,577,041; 5,574,725; D374,222; 5,559,793; 5,546,448; 5,546,395; 5,535,204; 5,500,859; 5,471,470; 5,463,616; 5,453,986; 5,452,289; 5,450,425; D361,764; D355,658; D355,653; D353,598; D353,144; 5,355,365; 5,309,562; 5,301,274 Other Patents Pending

Trademarks

Registered Trademarks of Multi-Tech Systems, Inc. include: Multi-Tech, the Multi-Tech logo, and RouteFinder. Windows is a registered trademark of Microsoft Corporation in the United States and other countries. Kaspersky Anti-Virus engine copyright by Kaspersky Labs. All products or technologies a re the trademarks or registered trademarks of their respective holders.

Technical Support Country By Email By Phone

Europe, Middle East, Africa support@multitech.co.uk U.S., Canada, all others support@multitech.com

World Headquarters

Multi-Tech Systems, Inc. 2205 Woodale Drive Mounds View, Minnesota 55112 (763) 785-3500 or (800) 328-9717 Fax 763-785-9874 Internet Address: http://www.multitech.com

Date Description

software specifying 30-day free trial; add RAM to specifications; and reworded Memory Upgrade description in Appendix C.

Commonly Supported Subnet Addresses to the Appendix. Updated the Technical Support contact list.

Events. Updated the warranty statement. Added an RJ-45 Ethernet cable to the Ship Kit list. Added an FAQ about the Ethernet ports supporting 10/100 Mbps half-duplex and full duplex lines.

mounting brackets.

+(44) 118 959 7774

800-972-2439 or +763-785-3500

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 2

Table of Contents

Contents

Chapter 1 – Product Description and Specifications........................................................................................7

Product Description...........................................................................................................................................7

RouteFinder Documentation.............................................................................................................................7

RouteFinder Features.......................................................................................................................................7

Safety Warnings................................................................................................................................................8

Safety Recommendations for Rack Installations..............................................................................................8

Shutdown Caution.............................................................................................................................................8

Ship Kit Contents..............................................................................................................................................9

License Keys.....................................................................................................................................................9

Typical Applications........................................................................................................................................10

Specifications..................................................................................................................................................11

Chapter 2 – Installation and Setup.................................................................................................................... 13

System Administrator Planning.......................................................................................................................13

Planning the Network......................................................................................................................................13

Establishing an Address Table....................................................................................................................... 13

Front Panel .....................................................................................................................................................14

Cabling Procedure..........................................................................................................................................15

Rackmount Bracket Installation......................................................................................................................15

Setting up a Workstation and Starting the RouteFinder.................................................................................16

Establish TCP/IP Communication...................................................................................................................16

Set a Fixed IP Address..............................................................................................................................16

Obtain a Dynamic IP Address...................................................................................................................16

Open a Web Browser .....................................................................................................................................18

Login............................................................................................................................................................... 18

Web Management Software Opens................................................................................................................19

Navigating Through the Software Screens.....................................................................................................19

Screen Buttons..........................................................................................................................................20

Menus and Sub-Menus.............................................................................................................................20

Chapter 3 – Configuration Using Web Management Software....................................................................... 21

Initial Configuration Step.................................................................................................................................21

Second Configuration Step – Using the Wizard Setup................................................................................... 22

The Wizard Setup Screen – Configuration Example......................................................................................23

Chapter 4 – Configuration Examples................................................................................................................ 24

Example 3 – Remote Client-to-LAN Configuration Using DNAT and Aliasing............................................... 36

Example 4 – Client-to-LAN Configuration Using PPTP Tunneling................................................................. 37

Checking the Tunnel.......................................................................................................................................37

Chapter 5 – URL Categorization ........................................................................................................................ 38

Important Settings........................................................................................................................................... 38

Setting Up HTTP Proxy and URL Filtering.....................................................................................................38

Chapter 6 – RouteFinder Software ....................................................................................................................41

Menu Bar ........................................................................................................................................................41

Administration................................................................................................................................................. 42

Administration > System Setup.................................................................................................................42

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 3

Table of Contents

Administration > SSH................................................................................................................................44

Administration > SNTP Client....................................................................................................................45

Administration > Administrative Access....................................................................................................46

Administration > Change Root Password.................................................................................................47

Administration > Site Certificate................................................................................................................48

Administration > License Key....................................................................................................................49

Administration > Intrusion Detection .........................................................................................................50

Administration > Tools...............................................................................................................................52

Administration > System Scheduler..........................................................................................................55

Administration > Factory Defaults.............................................................................................................55

Administration > User Authentication > Local Users.................................................................................56

Administration > User Authentication > RADIUS & SAM..........................................................................57

Administration > Version Information........................................................................................................59

Administration > Restart............................................................................................................................59

Administration > Shutdown .......................................................................................................................59

Networks & Services....................................................................................................................................... 60

Networks & Services > Networks..............................................................................................................60

Networks & Services > Services ...............................................................................................................62

Networks & Services > Network Groups...................................................................................................64

Networks & Services > Service Groups....................................................................................................65

Proxy...............................................................................................................................................................66

General Information About Proxies...........................................................................................................66

Proxy > HTTP Proxy .................................................................................................................................67

Proxy > HTTP Proxy > Custom Filters......................................................................................................71

Proxy > SMTP Proxy.................................................................................................................................72

Proxy > SMTP Proxy > SMTP SPAM Filtering..........................................................................................75

Proxy > POP3 Proxy .................................................................................................................................78

Proxy > POP3 Proxy > POP3 SPAM Filtering ..........................................................................................79

Proxy > POP3 Advanced Configuration....................................................................................................81

Proxy > SOCKS Proxy ..............................................................................................................................81

Proxy > DNS Proxy...................................................................................................................................83

Network Setup ................................................................................................................................................84

About Interfaces........................................................................................................................................84

About the Interface Screen .......................................................................................................................84

Network Setup > Interface.........................................................................................................................85

Network Setup > PPP ...............................................................................................................................88

Change Your Country/Region Code .........................................................................................................89

Network Setup > PPPoE...........................................................................................................................90

Network Setup > DHCP Client..................................................................................................................91

Network Setup > Dynamic DNS (DDNS) ..................................................................................................92

Network Setup > Routes...........................................................................................................................93

Network Setup > Masquerading................................................................................................................94

Network Setup > SNAT.............................................................................................................................95

Network Setup > DNAT.............................................................................................................................96

Network Setup > Load Balancing..............................................................................................................97

Network Setup > High Availability.............................................................................................................99

DHCP Server................................................................................................................................................101

DHCP Server > Subnet Settings.............................................................................................................101

DHCP Server > Fixed Addresses............................................................................................................101

Tracking........................................................................................................................................................ 102

Tracking > Accounting.............................................................................................................................102

Tracking > Update Services....................................................................................................................103

Tracking > Backup ..................................................................................................................................105

Tracking > Version Control......................................................................................................................107

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 4

Table of Contents

Packet Filters................................................................................................................................................108

Packet Filters > Packet Filter Rules........................................................................................................108

Packet Filters > ICMP .............................................................................................................................110

Packet Filters > Advanced ......................................................................................................................111

Packet Filters > Enable/Disable Log.......................................................................................................113

Packet Filters > QoS ...............................................................................................................................114

VPN (Virtual Private Networks).....................................................................................................................116

VPN > IPSec ...........................................................................................................................................116

Introduction to Virtual Private Networks..................................................................................................116

VPN > X.509 Certificates ........................................................................................................................121

VPN > IPSec Bridging.............................................................................................................................121

VPN > PPTP............................................................................................................................................123

Wizard Setup – Screen Description..............................................................................................................125

Statistics & Logs ...........................................................................................................................................127

Statistics & Logs > Uptime ......................................................................................................................128

Statistics and Logs > Hardware ..............................................................................................................128

Statistics and Logs > Networks...............................................................................................................128

Statistics & Logs > Interfaces..................................................................................................................131

Statistics & Logs > SMTP Proxy .............................................................................................................131

Statistics & Logs > Accounting................................................................................................................132

Statistics & Logs > Self Monitor ..............................................................................................................132

Statistics & Logs > IPSec........................................................................................................................133

Statistics & Logs > PPTP ........................................................................................................................133

Statistics & Logs > Packet Filter..............................................................................................................134

Statistics & Logs > Port Scans................................................................................................................135

Statistics & Logs > View Logs.................................................................................................................135

Statistics & Logs > HTTP Access............................................................................................................136

Statistics & Logs > DHCP .......................................................................................................................137

Statistics & Logs > SMTP Virus Quarantines..........................................................................................137

Statistics & Logs > POP3 Virus Quarantines..........................................................................................137

Statistics & Logs > SMTP SPAM Quarantines........................................................................................137

Statistics & Logs > Administrative Authentication Log............................................................................137

Statistics & Logs > QoS ..........................................................................................................................138

Statistics & Logs > DDNS Log ................................................................................................................138

Chapter 7 – User Authentication Methods......................................................................................................139

Proxy Services and Authentication Methods...........................................................................................139

Which Method Should You Choose?......................................................................................................139

Authentication Setup.....................................................................................................................................140

Setting Up RADIUS Authentication.........................................................................................................140

Setting Up a Microsoft IAS RADIUS Server............................................................................................140

Setting Up NT/2000 SAM (SMB) Authentication.....................................................................................141

Chapter 8 – Frequently Asked Questions (FAQs)..........................................................................................142

Chapter 9 – Troubleshooting ...........................................................................................................................147

Appendix A – Disposition of Events for the RouteFinder v3.xx................................................................... 149

Appendix B – The RouteFinder Rescue Kernel..............................................................................................156

Appendix C – Table of Commonly Supported Subnet Addresses............................................................... 160

Appendix D – Hardware Upgrades & Add-ons and Software Add-ons ....................................................... 162

Hardware Upgrades and Add-ons................................................................................................................162

Software Add-ons .........................................................................................................................................163

Appendix E – RouteFinder Maintenance ........................................................................................................164

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 5

Table of Contents

Appendix F – Ordering Accessories............................................................................................................... 166

SupplyNet Online Ordering Instructions..................................................................................................166

Appendix G – Multi-Tech Systems, Inc. Warranty, Repairs and Replacement Policies............................ 167

Appendix H – Regulatory Compliance............................................................................................................ 169

Appendix I – License Agreements................................................................................................................... 171

GNU GENERAL PUBLIC LICENSE........................................................................................................173

URL Content Filtering End-User License Agreement.............................................................................175

Kaspersky Standard End User License Agreement................................................................................177

Appendix J – Waste Electrical and Electronic Equipment Directive (WEEE)............................................. 179

Glossary.............................................................................................................................................................180

Index...................................................................................................................................................................191

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 6

Chapter 1 – Product Description and Specifications

Chapter 1 – Product Description and

Specifications

Product Description

The RouteFinder® all-in-one security appliance is designed to maximize network security without compromising network performance. It offers a Stateful Packet Inspection firewall for the ultimate in firewall security. In addition, it provides optional email anti-virus protection, 30-day free trial content filtering software, as well as spam filtering. The RouteFinder security appliance uses data encryption, user authentication, and the Internet to securely connect telecommuters, remo t e offices, customers, or suppliers to the corporate office while avoiding the cost of private leased lines or dial-up charges.

RouteFinder Documentation

The Quick Start Guide is intended to provide the experienced system administrator the information needed to quickly get the RouteFinder up and running. The User Guide with more detailed information is provided on the RouteFinder CD or the Multi-Tech Systems, Inc. Web site.

RouteFinder Features

See the RouteFinder Data Sheet for detailed descriptions of the following features:

• Supports IPSec and PPTP VPN tunneling

• Utilizes Triple Data Encryption Standard (3DES) and AES encryption

• Stateful Packet Inspection firewall with packet filter rules, DNAT, SNAT, and IP Masquerade

• Optional content filtering subscription (30-day free trial included)

• Optional anti-virus subscription

• Free spam filtering for unsolicited bulk emails

• QoS (Quality of Service) / Bandwidth allocation

• Dual WAN load balancing and failover

• High availability

• Automatic dial-backup with built-in modem (RF860) or via an external dial-up modem or ISDN terminal

adapter (RF850)

• Automatic system updates to protect your network against the latest threats and DoS attacks

• Application layer security using SMTP, HTTP, DNS, and SOCKS proxies

• Secure local or remote management using HTTP, HTTPS, or SSH

• Reporting function provides valuable troubleshooting information

• Three built-in Ethernet ports (LAN, WAN, WAN2/DMZ)

• Shared Internet access via PPPoE, DHCP or static IP

• Internet access control tools provide client and site filtering

• Traffic monitoring and reporting

• IP address mapping/port forwarding and DMZ port

• RoHS compliant

• Two-year warranty

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 7

Chapter 1 – Product Description and Specifications

Safety Warnings

Lithium Battery Caution

Danger of explosion if battery is incorrectly replaced. A lithium battery on the RouteFinder PC board provides backup power for the time-keeping capability. The battery has an estimated life expectancy of ten years. When it starts to weaken, the date and time may be incorrect. If the battery fails, send the board back to Multi-Tech for battery replacement.

Ethernet Ports Caution

The Ethernet ports are not designed to be connected to a Public Telecommunication Network.

Software Recovery CD Warning

Do not use the Software Recovery CD for any purpose except for re-installing software onto the RouteFinder hard drive.

Telecom Warnings for Modem Operation

• Never install telephone wiring during a lightning storm.

• This product must be disconnected from the telephone network interface when servicing.

• This product is to be used with UL and cUL listed computers.

• Never touch uninsulated telephone wires or terminals unless the telephone line has been disconnected

at the network interface.

• Use caution when installing or modifying telephone lines.

• Avoid using a telephone during an electrical storm. There may be a remote risk of electri cal sho ck from

lightning.

• Do not use the telephone to report a gas leak in the vicinity of the leak.

• To reduce the risk of fire, use only No. 26 AWG or larger telecommunications line cord.

• Never install telephone jacks in a wet location unless the jack is specifically designed for wet locations.

Safety Recommendations for Rack Installations

• Ensure proper installation of the RouteFinder in a closed or multi-unit enclosure by following the

recommended installation as defined by the enclosure manufacturer.

• IMPORTANT: Do not place the RouteFinder directly on top of other equipment or place other equipment

directly on top of the RouteFinder.

• If installing the RouteFinder in a closed or multi-unit enclosure, ensure adequate airflow within the rack

so that the maximum recommended ambient temperature is not exceeded.

• Ensure that the RouteFinder is properly connected to earth ground via a grounded power cord. If a

power strip is used, ensure that the power strip provides adequate grounding of the attached apparatus.

• Ensure that the main supply circuit is capable of handling the load of the RouteFinder. Refer to the

power label on the equipment for load requirements.

• Maximum ambient temperature for the RouteFinder is 50 degrees Celsius (120° F).

• This equipment should only be installed by properly qualified service personnel.

• Only connect like circuits. In other words, connect SELV (Secondary Extra Low Voltage) circuits to

SELV circuits and TN (Telecommunications Network) circuits to TN circuits.

Shutdown Caution

Never unplug the RouteFinder power until after you have performed the Shutdown process. If the RouteFinder is not properly shut down before unplugging the Power, the next startup may take a little longer, or in the worst case, data could be lost.

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 8

Chapter 1 – Product Description and Specifications

Ship Kit Contents

The RouteFinder is shipped with the following:

• One Multi-Tech Systems, Inc. RouteFinder

• One external power supply with AC power cord

• RJ-45 Ethernet cable

• One printed Quick Start Guide

• Two rack mounting brackets and four mounting screws.

• One RouteFinder documentation CD which contains documentation, license agreements, Adobe

Acrobat Reader, and license keys.

• A 30-day evaluation copy of VPN client software on CD (not the full working version).

• One RouteFinder Software Recovery CD.

Warning: Do not use the Software Recovery CD for any purpose except for re-installing software onto the

RouteFinder hard drive.

Note: If any of these items are missing, contact Multi-Tech Systems or your dealer or distributor. Inspect the

contents for signs of any shipping damage. If damage is observed, do not power up the RouteFinder; contact Technical Support at Multi-Tech Systems, Inc. for advice.

License Keys

here to Find the License Key Numbers

icense Key numbers are printed on labels that are placed:

• On the bottom of the RouteFinder chassis

• On the compact flash drive inside the chassis

• On the front cover of the Quick Start Guide.

System License Key

Each RouteFinder ships with a unique individual system License Key, a 20-digit alphanumeric number. You can view License Key information from the RouteFinder's Web Management software at Administration >

License Key. This screen shows the entered License Key number and indicate s whether it is a valid License Key number.

The License Key number is tied to and tracked with your RouteFinder's serial number. Whenever you require additional licenses, you must first provide Multi-Tech with your current License Key and serial number information in order for us to update your RouteFinder. With a valid License Key, you are entitled to use MultiTech’s Update service and support.

Note: The system key is already entered into the VPN setup.

URL Categorization License Key

An 15-digit numeric key Universal Resource Locator (URL) Categorization License Key is also shipped with your RouteFinder as part of the 30-day trial offer of the URL software. This Key allows you to set up a URL database that limits clients’ access to places on the Internet by blocking sites you do not want accessed. In other words, you can deny users access to various categories of Web sites you select.

What to Do When a Trial License Key Expires

If the license key is a trial key, after expiry of the license period, the WAN interface of the RouteFinder will shut down. If the DHCP client or PPPoE is enabled, they will be disabled. You can connect to the RouteFinder through the LAN interface and enter another valid license key to proceed further. You have to manually enable the DHCP client / PPPoE after entering another valid license key.

AntiVirus License Key

AntiVirus software with its corresponding License Key is available as a special purchase from Multi-Tech.

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 9

Typical Applications

Remote User VPN. The client-to-

LAN VPN application replaces traditional dial-in remote access by allowing a remote user to connect to the corporate LAN through a secure tunnel over the Internet. The advantage is that a remote user can make a local call to an Internet Service Provider, without sacrificing the company’s security, as opposed to a long distance call to the corporate remote access server.

Branch Office VPN. The LAN-to-

LAN VPN application sends network traffic over the branch office Internet connection instead of relying on dedicated leased line connections. This can save thousands of dollars in line costs and reduce overall hardware and management expenses.

Firewall Security. As businesses

shift from dial-up or leased line connections to always-on broadband Internet connections, the network becomes more vulnerable to Internet hackers.

The RouteFinder provides a full-

featured firewall based on Stateful Packet Inspection technology and NAT protocol to provide security from intruders attempting to access the office LAN.

Chapter 1 – Product Description and Specifications

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 10

Chapter 1 – Product Description and Specifications

Specifications

Appliance Features RF850 RF860

Ethernet Ports 10/100BaseT (LAN, WAN,

WAN2/DMZ) Number of Network Users 50 100 RAM 512MB (can be upgraded to a

total of 2GB) Rackmount or Standalone Both Both

Firewall Features

Stateful Packet Inspection Yes Yes Anti-Virus Option Yes Yes Content Filtering Yes Yes Spam Filtering Yes Yes Application Proxies Yes Yes Port and IP Filtering Yes Yes Denial of Service Protection (DoS) Yes Yes Network Address Translation (NAT) Yes Yes Virtual Server Yes Yes Intrusion/Port Scan Detection Yes Yes H.323 Pass Through Yes Yes

VPN Features

Remote User (Client-to-LAN) Yes Yes Branch Office (LAN-to-LAN) Yes Yes 3DES/AES Encryption Yes Yes Encryption Throughput 5M 15M IPSec/PPTP VPN Yes Yes Total Number of Tunnels 50 100 Dynamic-to-Dynamic Tunneling Yes Yes VPN Using FQDN Yes Yes x.509 Certificates Yes Yes

Management Features

Email Alerts Yes Yes Local & Remote Management Yes Yes Logging Yes Yes Reporting Yes Yes Web Based (HTTP, HTTPS/SSL) Yes Yes Secure Shell (SSH) Yes Yes Syslog Yes Yes

Other Features

Shared Internet Access Yes Yes Automatic Dial-Backup Yes Yes Integrated Modem No Yes Dual WAN Load Balancing Yes Yes Internet/VPN Failover Yes Yes High Availability Yes Yes QoS/Bandwidth Allocation Yes Yes PPPoE Yes Yes DHCP Client/Server Yes Yes User Authentication (Web Acce ss) Yes Yes Live Updates Yes Yes Warranty 2 Years 2 Years

10/100BaseT (LAN, WAN, WAN2/DMZ)

1GB (can be upgraded to a total of 2GB)

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 11

Chapter 1 – Product Description and Specifications

Power & Physical Description RF850 RF860

Power - Voltage & Frequency 100-240v AC, 50-60 Hz 100-240v AC, 50-60 Hz Power Consumption 42 Watts +12Vdc @ 3.5A 42 Watts +12Vdc @ 3.5A Physical Description Dimensions:

12" w × 1.75" h × 8" d; (30.4cm × 4.45cm × 20.3cm) Weight: 4.4 lbs. (2.0 kg)

Operating Environment Temperature Range:

32° to 120° F (0-50°C) Humidity: 25-85%

Dimensions: 12" w × 1.75" h × 8" d; (30.4cm × 4.45cm × 20.3cm) Weight: 4.6 lbs. (2.1 kg) Temperature Range: 32° to 120° F (0-50°C) Humidity: 25-85% noncondensing

noncondensing

Approvals FCC Part 68

FCC Part 15 (Class A) CE Mark UL60950

FCC Part 68 FCC Part 15 (Class A) CE Mark UL60950

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 12

Chapter 2 – Installation and Setup

System Administrator Planning

• The system administrator must complete these setup requirements before in stalling the RouteFinder

software:

• Set the correct configuration of the Default Gateway

• Install an HTTPS-capable browser (e.g., the latest version of Microsoft Internet Explorer or Netscape

Navigator)

• Activate JavaScript and Cascading Style Sheets

• Make sure that no proxies are entered in the browser

• If Secure Shell (SSH) is to be used, you must install an SSH client program (e.g., PuTTY in Windows or

the bundled SSH client in most Linux packages).

Planning the Network

Before you begin the installation process, you should plan your network and decide which computer i s to have access to which services. This simplifies configuration and saves you a lot of time that you would otherwise need for corrections and adjustments.

RouteFinder Connection between Your Internal Network and the External Network

Establishing an Address Table

Enter your configuration information into the appropriate field of the Address Table below. You can use this table to keep track of your specific RouteFinder and network information (e.g., the IP address used, email lists, etc.) and keep for future reference.

Network Card connected to the internal network (LAN on eth0) Network Card connected to the external network (WAN on eth1) Network Card connected to the WAN2 / DMZ (eth2)

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 13

IP Address Net Mask Default Gateway

___.___.___.___ ___.___.___.___ ___.___.___.___

___.___.___.___

Front Panel

LEDs Description

10MB

ACT

100MB

Disk ACT Status

Power

WAN1, WAN2/DMZ Lights when a successful 10Base-T Internet connection is

established.

LAN Lights when a successful 10Base-T Ethernet connection is established. WAN1, WAN2/DMZ Blinks when it is receiving or transmitting data. LAN Blinks when it is receiving or transmitting data. WAN1, WAN2/DMZ Lights when a successful 100Base-T Internet connection is

established. LAN Lights when a successful 100Base-T Ethernet connection is established. Lights when the disk drive is accessed. When functioning normally, the LED blinks. The LED is a solid light when the

RouteFinder is booting up, saving the configuration, restarting, or updating the firmware.

Lights when power is being supplied to the RouteFinder.

Chapter 2 – Installation and Setup

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 14

Chapter 2 – Installation and Setup

Cabling Procedure

Make the proper connections as illustrated in this drawing of the RouteFinder back panel.

Basic Connections

1. Using an RJ-45 Ethernet cable, connect the LAN jack to a PC, internal network switch, or hub.

Note: Use a cross-over Ethernet cable if connecting to a single device.

2. Using an RJ-45 Ethernet cable, connect the WAN 1 jack to a cable modem or DSL modem

connected to an Internet Service Provider.

3. Using the supplied POWER cord, plug one end into the RouteFinder power plug, and the other end

into a live power outlet.

Note: The status LED blinks continuously after power-up.

4. Wait for the RouteFinder to beep five times, indicating that it is ready to be configured with a Web

browser. This may take two or three minutes.

Optional Connections

1. Using an RJ-45 Ethernet cable, connect the WAN2 / DMZ jack to a network or DMZ device. For

example, a Voice over IP gateway.

2. Using a DB-9 cable, connect COM 1 port to a mouse or the COM port on a PC.

3. Using a DB-15 DSUB cable, connect the VIDEO port to a monitor.

4. Connect the Keyboard jack to a keyboard.

5. Using a USB connector, connect a memory stick, a floppy drive, a CD-ROM drive, a keyboard,

mouse, etc.

Rackmount Bracket Installation

The RouteFinder is shipped with two rackmount brackets and four rackmount screws for installing the RouteFinder VPN into an industry-standard EIA 19-inch rack.

Note: The rackmount screws provided in this kit are included for the purpose of attaching the brackets to the

RouteFinder as shown below. It is up to you to provide the bracket-to-rack mounting screws. Use the rack manufacturer’s documentation and procedures to safely and securely install the RouteFinder into

the rack.

RouteFinder Shown from the Back

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 15

Chapter 2 – Installation and Setup

Setting up a Workstation and Starting the RouteFinder

This section of the Quick Start covers the steps for setting up TCP/IP communication on the PC(s) connected to the RouteFinder, starting up the RouteFinder, and opening the RouteFinder Web Management prog ram.

Establish TCP/IP Communication

The RouteFinders have built-in DHCP server functionality, so you can set the PC to obtain a dynamic IP address. The following directions are for Windows 2000+/XP operating systems.

Set a Fixed IP Address

To set a Fixed IP Address, check Specify an IP address instead of Obtain an IP address automatically. Then click OK.

1. Enter the workstation IP address as 192.168.2.x. Note that the x in the add ress stands for numbers 101

and up.

2. Enter the Subnet mask as 255.255.255.0

3. Enter the Default gateway as 192.168.2.1

4. Close out of the Control Panel.

5. Repeat these steps for each PC on your network.

Obtain a Dynamic IP Address

To obtain a dynamic IP address so it can be assigned to the Ethernet port:

1. Make the RouteFinder connections as described on the previous two pages.

2. Click Start | Settings | Control Panel. Double-click the Network Connections icon.

3. The Network Connections screen displays. Right-click the Local Area Connection icon and choose

Properties from the drop down list.

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 16

Chapter 2 – Installation and Setup

4. The Local Area Connection Properties dialog

box displays.

• Select Internet Protocol [TCP/IP].

• Click the Properties button.

5. Once you click the Properties button, the following

screen displays. To have your DHCP client obtain a dynamic IP address, click the button for Obtain an

IP address automatically.

6. Close out of the Control Panel.

7. Repeat these steps for each PC on your network.

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 17

Chapter 2 – Installation and Setup

Open a Web Browser

Note: Be sure that the RouteFinder is cabled and that the power is connected. See the cabling dra wing s at the

beginning of this chapter. Bring up a Web browser on the workstation.

1. Type the default Gateway address: https://192.168.2.1

2. Press Enter

IMPORTANT: Be sure to type https (http will not work). Note: Make sure your PC’s IP address is in the same network as the router’s IP address.

IPCONFIG is a tool for finding a computer’s default gateway and MAC address. In some environments, one or more Security Alert screen(s) may display. At the following Security

Alert screen, click Yes and follow any additional on-screen prompts.

The Login screen displays after you type the default Gateway address:

• Type the default User name: admin (all lower-case)

• Tab to the Password field and type the default password: admin (all lower-case ).

• Click the Login button.

Note: User name and Password entries are case-sensitive (both must be typed in lower-case). A password

can be up to 12 characters. If Windows displays the AutoComplete screen, you may want to click No to tell Windows OS to not remember the password for security reasons.

• Password Caution: Use a safe password! Your first name spelled backwards is not a

sufficiently safe password; a password such as xfT35$4 is better. It is recommended that you change the default password. Create your own password.

• If someone else is already logged into the RouteFinder or you were logged in recently, the

following message displays.

Click Yes. (If you click No, you are returned to the Login screen.)

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 18

Chapter 2 – Installation and Setup

Web Management Software Opens

The Web Management software Home screen displays. This software is factory-installed on your RouteFinder.

(This is a view of the top part of the Home screen.)

A description of the Web Management software continues in Chapter 4. Before using the software, you may find the following information about navigating the screens and the structuring of the menus helpful.

Navigating Through the Software Screens

Bar

Sub Menu

Other Options

Screen

Name

Input / Display Area

RouteFinder Menu Bar

Sub-Menu

Each item on the Menu Bar has its own sub-menu, which displays on the left side of the screen. When you click one of the Menu Bar buttons, the first sub-menu option displays. You can choo se othe r sub-menu screens by clicking the screen name in the sub-menu list.

This is an example of the Networks & Services sub-menu.

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 19

Chapter 2 – Installation and Setup

Screen Buttons

Home The main screen.

Wizard Setup Change passwords and quickly set up your RouteFinder with the basic configuration that

will set it up as a firewall.

Help Describes what to do on each screen. Logout Logout and return to the login screen.

Menus and Sub-Menus

Administration Networks &

Services

System Setup SSH SNTP Client Administrative Access

Networks Services Network Groups

Service Groups Change Root Password Site Certificate License Key Intrusion Detection Tools System Scheduler Factory Defaults User Authentication

Local Users Radius & SAM

Version Information

Proxy Network

Setup

HTTP Proxy

Custom Filters

SMTP Proxy

SMTP SPAM Filtering

POP3 Proxy

POP3 SPAM Filtering Advanced

Configurations SOCKS Proxy DNS Proxy

Interface PPP PPPoE DHCP Client Dynamic DNS Routes Masquerading SNAT DNAT Load Balancing High Availability

Restart Shutdown

Tracking Packet Filters VPN Statistics & Logs

Accounting Update Services Backup Version Control

Packet Filter Rules ICMP Advanced Enable/Disable Log QoS

IPSec X.509 Certificates IPSec Bridging PPTP

Uptime Hardware Networks Interfaces SMTP Proxy Accounting Self Monitor IPSec PPTP Packet Filter Port Scans View Logs HTTP Access DHCP SMTP Virus Quarantine POP3 Virus Quarantine SMTP Spam Quarantine Administrative Authentication Log QoS DDNS

DHCP Server

Subnet Settings Fixed Addresses

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 20

Chapter 3 – Configuration Using Web Management Software

Chapter 3 – Configuration Using Web

Management Software

Initial Configuration Step

Set Up Your Time Zone

• Click Administration on the Menu Bar. The System Setup screen displays.

• Set the following:

• Set System Time by selecting your Time Zone

• Set the current Day, Month, Year, Hour, and Minute

Administration

System Setup

Submenu and first screen listed on the submenu (System Setup) display when you click on your Menu choice (Administration)

System Time

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 21

Chapter 3 – Configuration Using Web Management Software

Second Configuration Step – Using the Wizard Setup

Using the Wizard Setup is a quick way to enter the basic configuration parameters to allow communication between the LAN’s workstation(s) and the Internet as shown in the example below.

Important Note: An initial configuration must be completed for each type of RouteFinder functions: firewall

configuration, LAN-to-LAN configuration, a LAN-to-Remote Client configuration.

Note about License Agreements: It is suggested that you read the legal information and license agreements

before beginning the configuration. This information can be found in the RouteFinder User Guide on the RouteFinder CD.

RouteFinder Initial Configuration

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 22

Chapter 3 – Configuration Using Web Management Software

The Wizard Setup Screen – Configuration Example

Click on the Wizard Setup button located under the Menu Bar. The Wizard Setup screen displays. The screen establishes the firewall setup and can be used to enter initial data for other setups.

1. Enter your Administrator Email Address (can be anything). Example: admin@yourdomain.com

2. Enter your Hostname for the RouteFinder (can be anything).

Example: RouteFinder.domainname.com

3. LAN IP Address and Subnet Mask def ault into the fields. These should be acceptable for your site.

4. Enter the WAN IP Address. This is the PUBLIC STATIC IP address.

Set this option based on information provided by your ISP. Example: 204.26.122.103

5. Change the Gateway IP address. This is the IP address of the router that connects to the Internet.

Example: 204.26.122.1

6. Place a checkmark in the Packet Filter Rule LAN-ANY-ANY-ACCEPT box to enable the rule.

7. Change Password Settings as appropriate for your network. It is highly recommended that you

change all default passwords. Do not leave them at the defaults for security reasons.

8. Click Save to save the settings you just entered.

9. The following message displays. Click OK to close the message box and save your changes.

Click OK to save the changes. Please be patient. Setup will take a few minutes to implement the changes. Do not close the Browser.

Click OK to close the message box and save your changes.

10. One more message displays. Note that saving your settings will take 1-2 minutes.

Please do not close the browser. Server is saving the values. After a few minutes you will be redirected to the new IP address. If you are not redirected, change the address in the location bar to 192.168.2.1.

11. Test your workstation to see that it can access the Internet. If a connection is established, then the

settings have been entered correctly.

Your Basic Configuration Is Now Complete.

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 23

Chapter 4 – Configuration Examples

These examples show how to configure the RouteFinder using the entire Web Management software program. The Wizard Setup utility provides a basic firewall connection, while the Web Management sof t ware allows you to configure VPN features, management features, and other options (see the menu outline in Chapter 2).

Example 1 – Setup Two RouteFinders

The example can be used for a LAN-to-LAN (branch office) setup. It requires two RouteFinders - one in the home office and one in the remote branch office and requires additional parameters beyond the Wizard Setup to be entered.

Side A Side B

RouteFinder Setup – Side A

Networks & Services > Networks Setup

1. Log in to your RouteFinder software and go to Net works & Services > Network Configuration

screen.

2. Click the Add button to open the fields for entering your network information.

3. Create a new network name for the Remote WAN by entering a Name, IP Address, and

Subnet Mask. For this example, enter the following:

Name: Remote-WAN IP Address: 65.126.90.248 Subnet Mask: 255.255.255.255

4. Create a new network name for the Remote LAN by entering a Name, IP Address, and Subnet

Mask. For this example, enter the following:

Name: Remote-LAN IP Address: 192.168.25.0 Subnet Mask: 255.255.255.0

5. Click Add to add the network to the li st.

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 24

Chapter 4 – Configuration Examples

Example 1, Side A

Packet Filters > Packet Filter Rules

1. Go to the Packet Filters > Packet Filter Rules screen to set the VPN client tunnel rights. The

Packet Filter rights established on this screen give the client access across the tunnel to your host network.

2. In the System Defined Rules section, uncheck the Status box, if a check mark is present when

setting up User Defined Rules.

3. In the Add User Defined Packet Filter Rules section, click on From (Host/Networks) and select

the network to be allowed.

4. In this example, select Remote-WAN.

5. If you are not restricting the type of Service, select Any.

6. If you are not restricting any Network. Click on To (Host/Network), select Any.

Notes:

• If the client is dynamic (unknown), set up a Remote-WAN Any Any ACCEPT filter to allow any

network to come in.

• You might want to add LAN Any Any ACCEPT to the User Defined Packet Filter Rules. If you

want this rule to be in the first position so that it takes precedence over the VPN-Client rule, select the Move command, and move this rule to the first position.

VPN Setup

1. Go to the VPN > IPSec screen.

2. Click the VPN Status check box to enable IPSec. Then click the Save button.

3. Select Add IKE Connection by clicking the corre spo nding Add button.

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 25

Chapter 4 – Configuration Examples

Example 1, Side A

VPN Setup (Continued)

The Add IKE Connection screen displays. All settings can be left at the default unless otherwise indicated:

1. Connection Name: Enter in the name of the VPN tunnel you want to create.

Example: Test-Tunnel

2. Secret: Enter a Secret password (which has to match on both ends of the tunnel). For this

example, enter test.

3. Select Encryption: Select 3DES.

4. Local WAN IP: Select WAN.

5. Local LAN: Select LAN.

6. Remote Gateway IP: Select Remote-WAN. (select ANY if unknown)

7. Remote LAN: Select Remote-LAN.

8. Click the Save button to save your tunnel.

The VPN > IPSec Status screen displays; this time showing the newly-created VPN tunnel.

Important Note:

Make sure to check the Status box for this VPN tunnel in order to activate it.

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 26

RouteFinder Setup – Side B

Networks & Services > Network

1. Log in to your RouteFinder software and go to Net works & Services > Network Configuration

2. Click the Add button to open the fields fo r entering your network information.

3. Create a new network name for the Remote LAN by entering a Name, IP Address, and Subnet

4. Click Add to add the network to the li st.

5. Create a new network name for the Remote WAN by entering a Name, IP Address, and

6. Click Add to add the network to the li st

Note: The same address/mask pair should not be prese nt in the current list displayed on the

screen.

Side A Side B

screen.

Mask. For this example, enter the following:

Name: Remote-LAN IP Address: 192.168.2.0 Subnet Mask: 255.255.255.0

Subnet Mask. For this example, enter the following:

Name: Remote-WAN IP Address: 65.126.90.250 Subnet Mask: 255.255.255.255

Chapter 4 – Configuration Examples

Example 1, Side B

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 27

Chapter 4 – Configuration Examples

Example 1, Side B

Packet Filters > Packet Filter Rules

1. Go to the Packet Filters > Packet Filter Rules screen to set the VPN client tunnel rights. The

Packet Filter rights established on this screen give the client access across the tunnel to your host network.

2. In the System Defined Rules section, uncheck the Status box, if a check mark is present when

adding User Defined Packet Filters Rules.

3. In the Add User Defined Packet Filter Rules section, click on From (Host/Networks) and select

the network to be allowed. In this example, select Remote-LAN.

4. If you are not restricting the type of service, select Any.

5. If you are not restricting what network. Click on To (Host/Network), select Any.

Notes:

• If the client is dynamic (unknown), set up a Remote-LAN Any Any ACCEPT filter to allow any

network to come in.

• You will need to add LAN Any Any ACCEPT to the User Defined Packet Filter Rules. If you

want this rule to be in the first position so that it takes precedence over the VPN-Client rule, select the Move command, and move this rule to the first position.

VPN Setup

1. Go to the VPN > IPSec screen.

2. Click the VPN Status check box to enable IPSec. Then click the Save button.

3. Select Add an IKE Connection by clicking the correspondi ng Add button.

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 28

Chapter 4 – Configuration Examples

Example 1, Side B

VPN Setup (Continued)

The Add an IKE Connection screen displays. All settings can be left at the default unless otherwise indicated:

1. Connection Name: Enter in the name of the VPN tunnel you want to create. Example: Test-

Tunnel.

2. Secret: Enter the Secret password (which has to match on both en ds of the tunnel). For this

example, enter test.

3. Select Encryption: Select 3DES.

4. Local WAN IP: Select WAN

5. Local LAN: Select LAN

6. Remote Gateway IP: Select Remote-WAN (Select Any if unkno wn)

7. Remote LAN: Select Remote-LAN.

8. Click the Save button to save your tunnel.

The VPN > IPSec Status screen displays; this time showing the newly-created VPN tunnel.

Important Note:

Make sure to check the Status box for this VPN tunnel in order to activate it.

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 29

Chapter 4 – Configuration Examples

Example 2, Side A

Example 2 – Set Up Two RouteFinders Behind a NAT Device

Side A Side B

RouteFinder Setup – Side A

Networks & Services > Networks

1. Login to your RouteFinder and go to the Networks & Services > Network Configuration

screen.

2. Click the Add button to open the fields fo r entering the network information.

3. Create a new network name for the RF850-LAN by entering the Name, IP Address, and

Subnet Mask. For this example, enter the following:

Name: RF850-LAN IP Address: 192.168.25.0 Subnet Mask: 255.255.255.0

4. Click the Add button to add the new network to the list.

5. Create a new network name for the RF850-WAN by entering the Name, IP Address, and

Subnet Mask. For this example, enter the following:

Name: RF850-LAN IP Address: 65.126.90.248 Subnet Mask: 255.255.255.255

6. Click the Add button to add the new network to the list.

Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 30

+ 164 hidden pages

Multitech RouteFinder RF850, RouteFinder RF860 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual